Merge PR #373 into 18.0

Signed-off-by bguillot

Author: OCA-git-bot

base_group_backend/README.rst

@@ -0,0 +1,181 @@
+=============
+Group backend
+=============
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:94aa0fca553bd76339b493d1406d1fad68c724126ff95cfecea7d30228bd6b90
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Alpha-red.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Alpha
+.. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
+    :alt: License: LGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--backend-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-backend/tree/18.0/base_group_backend
+    :alt: OCA/server-backend
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-backend-18-0/server-backend-18-0-base_group_backend
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-backend&target_branch=18.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This module adds two "Backend User" groups (``group_backend`` and
+``group_backend_ui_users``) with restricted access to odoo backend only
+(``/web``), with less and more controlled access than the native
+"Internal User" group.
+
+   The problem with the "Internal User" group (``base.group_user``) is
+   that it can be used by any new module added to your project, so you
+   don't control clearly this group's accesses.
+
+The UI access is provided only for ``group_backend_ui_users`` :
+
+-  minimal default access rules to access the user's own data:
+
+   -  users and partners
+   -  mail activity, notification and channel
+   -  presence
+
+-  minimal default menu to restrict the available ones:
+
+   -  notification
+   -  activities
+
+Here is an example where a user from ``group_backend_ui_users`` can only
+access and use the Dummy App. No other application is available to this
+user (you may define your own application instead of the Dummy one).
+
+|image1|
+
+We suggest to use this module with its companion ``base_user_role``.
+
+Limitations
+-----------
+
+At the time of writing, Odoo uses ``user.share == False`` and
+``user.has_group("base.group_user") == True`` to give the backend access
+to ``user``.
+
+So technically, the module does 2 things :
+
+-  It sets the ``share`` parameter to ``False`` for ``group_backend``
+   users.
+-  It hijacks the ``has_group`` method of res.users by returning
+   ``True`` for ``group_backend`` users when the requested group is
+   ``base.group_user``
+
+This avoids to write a lot of overwrite in different controllers from
+different modules ('portal', 'web', 'base', 'website') with hard coded
+statements that check if user is part of the ``base.group_user`` or
+``share == False`` group.
+
+.. |image1| image:: https://raw.githubusercontent.com/OCA/server-backend/18.0/base_group_backend/static/description/dummy_app.png
+
+.. IMPORTANT::
+   This is an alpha version, the data model and design can change at any time without warning.
+   Only for development or testing purpose, do not use in production.
+   `More details on development status <https://odoo-community.org/page/development-status>`_
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Configuration
+=============
+
+To allow a user from the ``group_backend_ui_users`` group to interact
+with a specific model you can either add an access rules to this model
+for ``group_backend_ui_users`` or you can add ``group_backend_ui_users``
+to the ``implied_ids`` of a new specific group.
+
+The Backend groups are from the "User types" category
+(``base.module_category_user_type``), the same category as "Internal
+User" (``base.group_user``), "Portal" (``base.group_portal``) or Public
+(``base.group_public``). Be aware that a user can only belongs to **one
+group of this category**.
+
+Usage
+=====
+
+To use this module, add a user to the group "Backend user" or "Backend
+UI user" through the user's form page.
+
+|image1|
+
+If you created a specific group with ``group_backend`` or
+``group_backend_ui_users`` in its ``implied_ids``, you need to go
+through the group's form page in order to add the user to this specific
+group, because it won't be displayed on the user's form page (a specific
+group with its own category is displayed on user's form page only if the
+group inherits the "Internal user" group).
+
+This module also **restricts the root menus** displayed to Backend
+users, so be sure to explicitly add your Backend group to all the
+necessary root menus for these users.
+
+.. |image1| image:: https://raw.githubusercontent.com/OCA/server-backend/18.0/base_group_backend/static/description/backend_ui.png
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-backend/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-backend/issues/new?body=module:%20base_group_backend%0Aversion:%2018.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+-------
+
+* Pierre Verkest
+
+Contributors
+------------
+
+-  Pierre Verkest <pierreverkest84@gmail.com>
+-  François Poizat <francois.poizat@gmail.com>
+
+Do not contact contributors directly about support or help with
+technical issues.
+
+Maintainers
+-----------
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+.. |maintainer-FranzPoize| image:: https://github.com/FranzPoize.png?size=40px
+    :target: https://github.com/FranzPoize
+    :alt: FranzPoize
+.. |maintainer-bealdav| image:: https://github.com/bealdav.png?size=40px
+    :target: https://github.com/bealdav
+    :alt: bealdav
+
+Current `maintainers <https://odoo-community.org/page/maintainer-role>`__:
+
+|maintainer-FranzPoize| |maintainer-bealdav| 
+
+This module is part of the `OCA/server-backend <https://github.com/OCA/server-backend/tree/18.0/base_group_backend>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

base_group_backend/__init__.py

@@ -0,0 +1,2 @@
+from . import models
+from . import demo

base_group_backend/__manifest__.py

@@ -0,0 +1,29 @@
+# Copyright 2021 Pierre Verkest <pierreverkest84@gmail.com>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
+{
+    "name": "Group backend",
+    "version": "18.0.1.0.0",
+    "development_status": "Alpha",
+    "category": "Tools",
+    "author": "Pierre Verkest, Odoo Community Association (OCA)",
+    "license": "LGPL-3",
+    "website": "https://github.com/OCA/server-backend",
+    "depends": [
+        "base",
+        "mail",
+        "calendar",
+    ],
+    "maintainers": ["FranzPoize", "bealdav"],
+    "demo": [
+        "demo/test-model.xml",
+        "demo/ir.model.access.csv",
+        "demo/backend_dummy_model.xml",
+        "demo/res_partners.xml",
+        "demo/res_users.xml",
+    ],
+    "data": [
+        "data/res_groups.xml",
+        "security/ir.model.access.csv",
+    ],
+    "installable": True,
+}

base_group_backend/data/res_groups.xml

@@ -0,0 +1,42 @@
+<odoo>
+    <record model="res.groups" id="base_group_backend">
+        <field name="name">Backend user</field>
+        <field name="category_id" ref="base.module_category_user_type" />
+        <field name="comment">
+            This group is used to gives user backend access.
+
+            While users in `base.group_user` gets a lot of default access
+            which makes hard to define properly records/rules/menu access.
+
+            So for maintainability you shouldn't linked any access right, rules,
+            menu, and so on to this group directly.
+
+            The only intent of this groups is to be able to get a session
+            to Odoo backend (`/web`).
+        </field>
+    </record>
+
+    <record model="res.groups" id="group_backend_ui_users">
+        <field name="name">Backend UI user</field>
+        <field name="category_id" ref="base.module_category_user_type" />
+        <field name="comment">
+            This group is used to gives user basic ui access.
+        </field>
+        <field
+            name="rule_groups"
+            eval="[
+                (6, 0,[
+                    ref('base.ir_default_user_rule'),
+                    ref('base.ir_filters_delete_own_rule'),
+                    ref('base.ir_filters_employee_rule'),
+                    ref('base.res_company_rule_employee'),
+                    ref('mail.ir_rule_mail_notifications_group_user'),
+                    ref('mail.ir_rule_discuss_channel_all'),
+                    ref('mail.ir_rule_discuss_channel_member_is_self_all'),
+                    ref('mail.ir_rule_discuss_channel_member_read_all'),
+                    ref('mail.mail_activity_rule_user'),
+                ]),
+            ]"
+        />
+    </record>
+</odoo>

base_group_backend/demo/__init__.py

@@ -0,0 +1,4 @@
+from odoo.tools import config
+
+if not config["without_demo"]:
+    from . import backend_dummy_model

base_group_backend/demo/backend_dummy_model.py

@@ -0,0 +1,15 @@
+from odoo import fields, models
+
+
+class BackendDummyModel(models.Model):
+    _name = "backend.dummy.model"
+    _description = "Backend Dummy Model demo"
+
+    my_value = fields.Char(name="Value", required=True)
+    my_other_value = fields.Char(name="Other value", required=True)
+    date_start = fields.Datetime(
+        name="Date start", required=True, default=fields.Datetime.now
+    )
+    date_stop = fields.Datetime(
+        name="Date stop", required=True, default=fields.Datetime.now
+    )

base_group_backend/demo/backend_dummy_model.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo noupdate="1">
+    <record id="backend_dummy_model_tree_view" model="ir.ui.view">
+        <field name="name">Backend dummy list view</field>
+        <field name="model">backend.dummy.model</field>
+        <field name="arch" type="xml">
+            <list create="false" delete="false">
+                <field name="my_value" />
+                <field name="my_other_value" groups="base.group_user" />
+            </list>
+        </field>
+    </record>
+
+    <record id="action_dummy_list" model="ir.actions.act_window">
+        <field name="name">Dummies</field>
+        <field name="type">ir.actions.act_window</field>
+        <field name="res_model">backend.dummy.model</field>
+        <field name="view_mode">list,form,kanban,calendar,pivot,graph,activity</field>
+        <field name="view_id" ref="backend_dummy_model_tree_view" />
+    </record>
+
+    <menuitem
+        id="menu_dummy_root"
+        name="Dummy"
+        sequence="100"
+        groups="group_backend_ui_users,base.group_user"
+    />
+    <menuitem
+        id="menu_dummy_menu"
+        name="Dummy"
+        sequence="10"
+        groups="group_backend_ui_users,base.group_user"
+        parent="menu_dummy_root"
+    />
+    <menuitem
+        id="menu_dummy_list"
+        name="Dummy list"
+        sequence="100"
+        groups="group_backend_ui_users,base.group_user"
+        parent="menu_dummy_root"
+        action="action_dummy_list"
+    />
+
+    <menuitem id="menu_root_no_group" name="No Group" sequence="100" />
+    <menuitem
+        id="menu_dummy_list_no_group"
+        name="Dummy list No group"
+        sequence="100"
+        groups="group_backend_ui_users,base.group_user"
+        parent="menu_root_no_group"
+        action="action_dummy_list"
+    />
+</odoo>

base_group_backend/demo/ir.model.access.csv

@@ -0,0 +1,3 @@
+"id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink"
+"backend_dummy_models","backend dummy.model","model_backend_dummy_model",group_backend_ui_users,1,0,0,0
+"backend_dummy_models_user_grp","backend dummy.model user grp","model_backend_dummy_model",base.group_user,1,0,0,0

base_group_backend/demo/res_partners.xml

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo noupdate="1">
+    <record id="demo_partner" model="res.partner">
+        <field name="name">Demo partner backend</field>
+    </record>
+    <record id="demo_partner1" model="res.partner">
+        <field name="name">Demo partner backend 1</field>
+    </record>
+    <record id="demo_partner2" model="res.partner">
+        <field name="name">Demo partner backend 2</field>
+    </record>
+</odoo>

base_group_backend/demo/res_users.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo noupdate="1">
+    <record id="user_demo" model="res.users">
+        <field name="login">demo backend user</field>
+        <field name="groups_id" eval="[Command.set([ref('base.group_user')])]" />
+        <field name="partner_id" ref="base_group_backend.demo_partner" />
+    </record>
+    <record id="user_demo_external" model="res.users">
+        <field name="login">demo backend user 1</field>
+        <field name="groups_id" eval="[Command.set([ref('base.group_portal')])]" />
+        <field name="partner_id" ref="base_group_backend.demo_partner1" />
+    </record>
+    <record id="user_demo_external_with_ui" model="res.users">
+        <field name="login">demo backend user 2</field>
+        <field
+            name="groups_id"
+            eval="[Command.set([ref('base_group_backend.group_backend_ui_users')])]"
+        />
+        <field name="partner_id" ref="base_group_backend.demo_partner2" />
+    </record>
+</odoo>